The proliferation of computers, together with wireless communication, has brought us to an era of wireless networking. The recent growth of wireless networks is driven, at least in part, by such benefits as ease of installation, mobility, and flexibility. These benefits can offer gains in efficiency and accuracy, and lower business costs.
The use of wireless and mobile data transfer technologies has raised new security concerns, for example authentication (e.g., verifying the identity of communicating client stations), confidentiality or privacy, and data integrity (e.g., ensuring that data messages are not modified in transit between wireless client stations and access points). The flexibility of wireless networks has a primary drawback: data is no longer propagated through wires, but is instead sent using radio frequency transmissions that are susceptible to eavesdropping and interference, which undermines each of these security properties.
The Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard, and the supplements relating thereto, address medium access control over a WLAN. The IEEE 802.11 specification includes certain built-in features for providing a secure operating environment. Wireless LANs compliant with IEEE 802.11 generally attempt to combat data security problems through the use of open system cryptographic techniques for the wireless interface. The security services are provided largely by the wired equivalent privacy (WEP) protocol to protect link-level data during wireless transmission between client stations and access points. That is, WEP only provides a security mechanism for the wireless portion of the connection. The WEP cryptographic technique for confidentiality also uses an RC4 (Ron's Code #4 or Rivest Cipher 4) symmetric-key stream cipher algorithm to generate a pseudo-random data sequence. The IEEE 802.11 standard is set forth in the document IEEE Std. 802.11, entitled Supplement to IEEE Standard for Information Technology—Telecommunications and Information Exchange Between Systems—Local Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, 1999 Edition, and in the supplements relating thereto, which are incorporated herein by reference.
Open system authentication is essentially a null authentication in which any station is authenticated by the access point. Shared key authentication typically supports authentication of stations either with or without knowledge of a shared secret key and is generally accomplished by sending clear text to the station. The station then encrypts the clear text data and sends the encrypted data back to the access point. If the station has the correct key, the access point can decrypt the message and authenticate the station.
The conventional authentication key process of transmitting both clear text data and encrypted data leaves this methodology highly vulnerable to eavesdropping, interference and/or other security-related issues. Although the IEEE 802.11 specification provides some degree of security, it does not solve the problem of access control at the wireless level.
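Why sending the same text both in the clear and encrypted is a problem, shown as an added example that is not part of the original document: a simplified model of the shared key exchange in which the station encrypts the clear text plus a CRC-32 integrity value with RC4 keyed by IV || key. The key, IV, challenge text and all function names are constructed for illustration.

```python
import zlib

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling over the seed, then n output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def station_response(key: bytes, iv: bytes, challenge: bytes):
    """Station side: encrypt challenge || CRC-32 under RC4(IV || key)."""
    body = challenge + zlib.crc32(challenge).to_bytes(4, "little")
    return iv, xor(body, rc4_keystream(iv + key, len(body)))

def ap_verify(key: bytes, iv: bytes, ciphertext: bytes, challenge: bytes) -> bool:
    """Access point side: decrypt, then check the text and its CRC-32."""
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    text, icv = body[:-4], body[-4:]
    return text == challenge and icv == zlib.crc32(text).to_bytes(4, "little")

def observer_view(challenge: bytes, ciphertext: bytes) -> bytes:
    """What a passive listener derives from the two frames, without the key."""
    return xor(challenge, ciphertext[:len(challenge)])

# Constructed sample values (not taken from any real network).
KEY = bytes.fromhex("0102030405")   # 40-bit shared secret
IV = bytes.fromhex("a1b2c3")        # 24-bit IV, sent in the clear
CHALLENGE = bytes(range(128))       # clear text sent by the access point

def demo():
    iv, ct = station_response(KEY, IV, CHALLENGE)
    authenticated = ap_verify(KEY, iv, ct, CHALLENGE)
    leaked = observer_view(CHALLENGE, ct)
    # The listener's XOR equals the secret-keyed RC4 output for this IV.
    return authenticated, leaked == rc4_keystream(iv + KEY, len(CHALLENGE))
```

`demo()` returns `(True, True)`: the legitimate station authenticates, and the listener, who never had `KEY`, holds the exact RC4 output for that IV.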
There is a need, therefore, for improved access control techniques for use in a wireless system which address the above-mentioned security-related problems.